我想访问QuickBlox中的API,但在此之前我们需要验证我们的应用程序并获取会话令牌,并使用会话令牌我们可以访问其他API。 但问题是,当我使用QuickBlox网站上提供的所需规范发送身份验证请求时,我收到错误消息:
{“errors”:{“base”:[“Unexpected signature”]}}
生成签名的参数是:
application_id=22&auth_key=wJHd4cQSxpQGWx5&nonce=33432×tamp=1326966962
然后我们以HMAC-SHA格式转换它:
hash_hmac( 'sha1', $signatureStr , $authSecret);
请帮我解决这个问题。
答案 0 :(得分:2)
我在php上编写了代码片段,它会生成签名。它运作良好
这是我的测试应用程序的凭据:
$application_id = 92;
$auth_key = "wJHdOcQSxXQGWx5";
$authSecret = "BTFsj7Rtt27DAmT";
$nonce = rand();
echo "<br>nonce: " . $nonce;
$timestamp = time();
echo "<br>timestamp: " . $timestamp ."<br>";
$stringForSignature = "application_id=".$application_id."&auth_key=".$auth_key."&nonce=".$nonce."×tamp=".$timestamp;
echo $stringForSignature."<br>";
$signature = hash_hmac( 'sha1', $stringForSignature , $authSecret);
echo $signature;
希望这个帮助
答案 1 :(得分:2)
问题已解决
我的请求参数存在问题。
$params = "application_id=$application_id&auth_key=$auth_key×tamp=$timestamp&nonce=$nonce&signature=$signature&**auth_secret=$authSecret**";
在这个参数中,我传递了一个额外的参数my auth secret key,它不应该存在。我删除了这个参数,现在它正在工作。
答案 2 :(得分:2)
以下是如何创建QuickBlox会话的完整示例:
<?php
// Application credentials
DEFINE('APPLICATION_ID', 92);
DEFINE('AUTH_KEY', "wJHdOcQSxXQGWx5");
DEFINE('AUTH_SECRET', "BTFsj7Rtt27DAmT");
// User credentials
DEFINE('USER_LOGIN', "emma");
DEFINE('USER_PASSWORD', "emma");
// Quickblox endpoints
DEFINE('QB_API_ENDPOINT', "https://api.quickblox.com");
DEFINE('QB_PATH_SESSION', "session.json");
// Generate signature
$nonce = rand();
$timestamp = time(); // time() method must return current timestamp in UTC but seems like hi is return timestamp in current time zone
$signature_string = "application_id=".APPLICATION_ID."&auth_key=".AUTH_KEY."&nonce=".$nonce."×tamp=".$timestamp."&user[login]=".USER_LOGIN."&user[password]=".USER_PASSWORD;
echo "stringForSignature: " . $signature_string . "<br><br>";
$signature = hash_hmac('sha1', $signature_string , AUTH_SECRET);
// Build post body
$post_body = http_build_query(array(
'application_id' => APPLICATION_ID,
'auth_key' => AUTH_KEY,
'timestamp' => $timestamp,
'nonce' => $nonce,
'signature' => $signature,
'user[login]' => USER_LOGIN,
'user[password]' => USER_PASSWORD
));
// $post_body = "application_id=" . APPLICATION_ID . "&auth_key=" . AUTH_KEY . "×tamp=" . $timestamp . "&nonce=" . $nonce . "&signature=" . $signature . "&user[login]=" . USER_LOGIN . "&user[password]=" . USER_PASSWORD;
echo "postBody: " . $post_body . "<br><br>";
// Configure cURL
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, QB_API_ENDPOINT . '/' . QB_PATH_SESSION); // Full path is - https://api.quickblox.com/session.json
curl_setopt($curl, CURLOPT_POST, true); // Use POST
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body); // Setup post body
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); // Receive server response
// Execute request and read responce
$responce = curl_exec($curl);
// Check errors
if ($responce) {
echo $responce . "\n";
} else {
$error = curl_error($curl). '(' .curl_errno($curl). ')';
echo $error . "\n";
}
// Close connection
curl_close($curl);
?>
答案 3 :(得分:0)
您必须使用自己的应用程序参数:
和随机'nonce'和当前时间戳(不是来自示例,您可以在此网站上获取当前时间戳http://www.unixtimestamp.com/index.php)
您的代码是正确的,但您必须设置适当的参数
答案 4 :(得分:0)
1)您应该发送请求以更正网址。
要 https://api.quickblox.com/的 auth.json
代替 https://api.quickblox.com/session.json
2)您应该使用此功能修复SSL问题。
curl_setopt($ ch,CURLOPT_SSL_VERIFYPEER,false)
答案 5 :(得分:0)
我们使用php,下一个代码适合我们:
<?php
$userLogin = '{YOUR_QB_USER}';
$userPassword = '{YOUR_QB_PASSWORD}';
$body = [
'application_id' => '{YOUR_QB_APPLICATION_ID}',
'auth_key' => '{YOUR_QB_AUTH_KEY}',
'nonce' => time(),
'timestamp' => time(),
'user' => ['login' => $userLogin, 'password' => $userPassword]
];
$built_query = urldecode(http_build_query($body));
$signature = hash_hmac('sha1', $built_query , '{YOUR_QB_APP_SECRET}');
$body['signature'] = $signature;
$post_body = http_build_query($body);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, 'https://{YOUR_QB_HOST}/session.json');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post_body);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
$token = json_decode($response, true)['session']['token'];
printf('Your token is: %s %s', $token, PHP_EOL);